All Versions
52
Latest Version
Avg Release Cycle
31 days
Latest Release
34 days ago

Changelog History
Page 1

  • v2.23.0 Changes

    April 22, 2022

    • Don't automatically set :httponly cookie option if :http_only option is set in remember feature (jeremyevans)

    • ๐Ÿ›  Fix invalid domain check in internal_request feature when using Rack 3 (jeremyevans)

    • ๐Ÿ‘‰ Make removing all multifactor authentication methods mark session as not authenticated by SMS (janko) (#235)

    • ๐Ÿ‘‰ Use use_path option when rendering QR code to svg in the otp feature, to reduce svg size (jeremyevans)

  • v2.22.0 Changes

    March 22, 2022

    • Ignore parameters where the value includes a null byte by default, add null_byte_parameter_value configuration method for customization (jeremyevans)

    • ๐Ÿ– Handle sessions created before active_sessions feature was enabled during logout (jeremyevans) (#224)

    • Add reset_password_notify for emailing users after successful password resets (jeremyevans)

    • An email method can now be used in external features to DRY up email creation code (jeremyevans)

    • The change_password_notify feature now correctly handles template precompilation (jeremyevans)

    • ๐Ÿ›  Fix update_sms to update stored sms hash (bjeanes) (#222)

  • v2.21.0 Changes

    February 23, 2022

    • Avoid extra bcrypt hashing on account verification when using account_password_hash_column (janko) (#217)

    • ๐Ÿ‘‰ Make require_account public (janko) (#212)

    • ๐Ÿ‘ฎ Force specific date/time format when displaying webauthn last use time (jeremyevans)

    • Automatically clear the session in require_login if users go beyond verify account grace period (janko) (#211)

    • Fix typo in default value of global_logout_label in active_sessions plugin (sterlzbd) (#209)

  • v2.20.0 Changes

    January 24, 2022

    • Change the default implementation of webauth_rp_id to not include the port (jeremyevans) (#203)

    • ๐Ÿšš Make logout of all sessions in active_sessions plugin also remove remember key if using remember plugin (jeremyevans)

  • v2.19.0 Changes

    December 22, 2021

    • Add login_maximum_bytes, setting the maximum number of bytes in a login, 255 by default (jeremyevans)

    • Add password_maximum_bytes, setting the maximum number of bytes in a password, nil by default for no limit (jeremyevans)

    • Add password_maximum_length, setting the maximum number of characters in a password, nil by default for no limit (jeremyevans)

    • ๐Ÿ‘Œ Support multi-level inheritance of Rodauth::Auth (janko) (#191)

    • ๐Ÿ‘ Allow internal_request feature to work correctly when loaded into custom Rodauth::Auth subclasses before loading into a Roda application (janko) (#190)

    • Assign internal subclass created by internal_request feature to the InternalRequest constant (janko) (#187)

  • v2.18.0 Changes

    November 23, 2021

    • ๐Ÿ‘ Allow JSON API access to /multifactor-manage to get links to setup/disable multifactor authentication endpoints (jeremyevans)

    • ๐Ÿ‘ Allow JSON API access to /multifactor-auth to get links to possible multifactor authentication endpoints (jeremyevans)

    • Set configuration_name on class passed via :auth_class option if not already set (janko, jeremyevans) (#181)

    • ๐Ÿ’… Use viewbox: true option when creating QR code in otp feature, displays better and easier to style when using rqrcode 2+ (jeremyevans)

    • ๐Ÿ‘‰ Make argon2 feature work with argon2 2.1.0 (jeremyevans)

  • v2.17.0 Changes

    September 24, 2021

    • Make jwt_refresh work correctly with verify_account_grace_period (jeremyevans)

    • ๐Ÿ‘‰ Use 4xx status code when attempting to login to or create an unverified account (janko) (#177, #178)

  • v2.16.0 Changes

    August 23, 2021

    • โž• Add Rodauth.lib for using Rodauth as a library (jeremyevans)

    • ๐Ÿ”ง Make internal_request feature work if the configuration uses only_json? true (janko) (#176)

  • v2.15.0 Changes

    July 27, 2021

    • Add path_class_methods feature, for getting paths/URLs using class methods (jeremyevans)

    • ๐Ÿ”ง Make default base_url method use configured domain (janko) (#171)

    • โž• Add internal_request feature, for interacting with Rodauth by calling methods (jeremyevans, janko)

  • v2.14.0 Changes

    June 22, 2021

    • ๐Ÿ‘‰ Make jwt_refresh feature allow refresh with expired access tokens even if prefix is not set correctly (jeremyevans) (#168)

    • Make internal account_in_unverified_grace_period? method handle accounts missing or unverified accounts (janko, jeremyevans) (#167)

    • Add remembered_session_id configuration method for getting session id from valid remember token if present (bjeanes) (#166)